Lastpass Hacked

Putting this in Virtual Cafe for broader viewing...

If you use Lastpass, they are recommending that you change your master password. It's just a precaution. Your password has not been stolen. But it's possible that the thieves could, after a brute force attack, figure it out. Your individual passwords are safe for now.

I commend them for letting their customers know so quickly. Other companies should follow their example... I hate how the media sensationalizes stuff like this.


http://www.wired.com/2015/06/hack-brief-password-manager-lastpass-got-breached-hard/


....sigh....As recommended, I changed my master password. I changed it with great care; writing it down before I typed it in. You must enter the new password twice before entering it. OK....Done....BUT....now LastPass does not recognize nor accept the new password. It doesn't recognize or accept the old master password either. I'm locked out of LastPass and all the sites I have connected to it for password entry.... What a #!*%@!! mess!


Just changed mine, and when I logged in with the new password it briefly showed my folders/sites then sent me back to the log in page again. I logged in again and this time it worked -- so, maybe try logging in again? Seems like for me at least it was just a hiccup on initial login after password change (this was on desktop, Google Chrome -- I'll have to try it on my iPhone next).


Now I'm scared to change mine.



sac said:
Now I'm scared to change mine.

Don't be. Worked fine for me.



ParticleMan said:


sac said:
Now I'm scared to change mine.
Don't be. Worked fine for me.

Thanks ... I just did it and it worked for me also. Whew!


For waxwings - My confirmation email says that you can revert the password change at https://lastpass.com/revert.php. Did you try that?


@PMV The same thing happened to me (w/ desktop PC Google Chrome) but when it sent me back to the log in page again, it would not accept my log in. After a few tries it automatically shuts you out for a waiting period. All this happened last night and is still happening. It should be noted that there aren't any "people" in LastPass. It's all computer controlled. At this point I will just give it up and go back to all my LastPass password controlled user sites and try to change all the passwords....


By the way, I highly recommend implementing two factor authentication. It significantly improves your security.


Waxwings, Of course there are people at Lastpass. Have you tried reaching out to them for support?


ParticleMan - Yes, I have been trying for many hours now, but so far...NADA. With the recent hack attempt I'm sure any and all ways to contact are swamped....Here's one of the things that came up in a Google search: http://gethuman.com/contact/LastPass-com/


@waxwings2 - if you do reach out (a good idea I think), you might also try via their FB and twitter pages:

https://www.facebook.com/LastPass

https://twitter.com/LastPass

In my experience companies respond quicker when the initial contact is via social media than email.


And actually, on twitter I see they actually have an account specifically for help:

https://twitter.com/LastPassHelp


Thanks for your help and suggestions, PVW and ParticleMan. I just now was able to get in and "revert" to old master password. I had tried that many times previously, but for some reason was not able to connect properly. So, now I am at least connected albeit with old master password. Although LastPass recommends changing M.P., as you might imagine I am reluctant now to try!



ParticleMan said:
By the way, I highly recommend implementing two factor authentication. It significantly improves your security.

I just did this. I already have it for my Google accounts. If you've never used it, you will find it complicated, but you will get used to it, and it's a very good thing to do. I use the Google Authenticator app on my phone, but there are other ways to do two-factor authentication.


This thread came up in my search and I have a question. I need a master password that I can remember for one of my programs. I've run out of ideas. Anyone have a good way of making up passwords?


fabulouswalls said:
This thread came up in my search and I have a question. I need a master password that I can remember for one of my programs. I've run out of ideas. Anyone have a good way of making up passwords?

Here's an article that might help: https://www.tipsandtricks-hq.com/how-to-create-strong-passwords-that-are-easy-to-remember-but-hard-to-break-1243


(And I'm so glad that this post is the reason that this thread was bumped. I was worried, since I use LastPass.)


Thanks for the link. Now I have to be creative enough to make a new pw. My current one is 18 characters and I can't stand typing it.


fabulouswalls said:
Thanks for the link. Now I have to be creative enough to make a new pw. My current one is 18 characters and I can't stand typing it.

It's probably worth having a slightly longer password for your master password in order to let LastPass type it in most of the rest of the time. On the few sites where that method doesn't work, copy/paste usually does.

I AM greatly annoyed at one or two websites that have intentionally disabled the automatic fill-in capability (and others that do not allow "paste" into their password fields.) I make my feelings about that known to those companies when I have the chance and sometimes just take my business elsewhere.


sac said:
fabulouswalls said:
Thanks for the link. Now I have to be creative enough to make a new pw. My current one is 18 characters and I can't stand typing it.
It's probably worth having a slightly longer password for your master password in order to let LastPass type it in most of the rest of the time. On the few sites where that method doesn't work, copy/paste usually does.
I AM greatly annoyed at one or two websites that have intentionally disabled the automatic fill-in capability (and others that do not allow "paste" into their password fields.) I make my feelings about that known to those companies when I have the chance and sometimes just take my business elsewhere.

I guess you use LastPass. I use a different manager.


fabulouswalls said:
sac said:
fabulouswalls said:
Thanks for the link. Now I have to be creative enough to make a new pw. My current one is 18 characters and I can't stand typing it.
It's probably worth having a slightly longer password for your master password in order to let LastPass type it in most of the rest of the time. On the few sites where that method doesn't work, copy/paste usually does.
I AM greatly annoyed at one or two websites that have intentionally disabled the automatic fill-in capability (and others that do not allow "paste" into their password fields.) I make my feelings about that known to those companies when I have the chance and sometimes just take my business elsewhere.
I guess you use LastPass. I use a different manager.

Yes, I do.


I'm planning to give LastPass a try, and I came across this article, which I thought might be useful to share with others: https://www.tipsandtricks-hq.com/how-to-create-strong-passwords-that-are-easy-to-remember-but-hard-to-break-1243


unicorn33 said:

I'm planning to give LastPass a try, and I came across this article, which I thought might be useful to share with others: https://www.tipsandtricks-hq.com/how-to-create-strong-passwords-that-are-easy-to-remember-but-hard-to-break-1243

I don't need to worry about creating strong passwords.

I use Password Safe, letting Password Safe create a different password for each secure account site. I don't even know the passwords. The only password I know is the master password to get into the safe. I let Password Safe then autotype the user id and password into my various secured sites.

A typical Password Safe generated password is GSmz1S1oLD76dXOUY3Cl.

I also use Password Safe to generate "answers" to those stupid questions like "Mother's maiden name" or "First School." Again, it's random letters I don't know the answer to.

The reason I find those questions stupid is because it gives an alternate easy way to hack into a person's account when true actual answers are used. That's how Sarah Palin's email account got hacked.
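
The approach described in the post above (a generated password per site, plus random strings as security-question answers), as an added example that is not part of the original thread. It uses Python's `secrets` module rather than Password Safe's own generator; the site names and the guess rate are constructed assumptions.

```python
import math
import secrets
import string

# 62-symbol alphabet (letters and digits), matching the style of the sample above.
ALPHABET = string.ascii_letters + string.digits


def generate(length=20, alphabet=ALPHABET):
    """Return a random string drawn from the OS CSPRNG, one symbol at a time."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at a given guess rate (rate is an assumption)."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def build_entries(sites, questions):
    """One unique password per site and an unrelated random answer per question.

    Random answers mean nothing about the account owner (family names,
    schools) can be looked up and used to pass a reset prompt.
    """
    return {
        site: {
            "password": generate(),
            "answers": {q: generate(16) for q in questions},
        }
        for site in sites
    }


if __name__ == "__main__":
    # Constructed sample input: placeholder sites, questions quoted in the post.
    sites = ["bank.example", "mail.example"]
    questions = ["Mother's maiden name", "First School"]
    for site, entry in build_entries(sites, questions).items():
        print(site, entry["password"], entry["answers"])
    bits = entropy_bits(20)
    print(f"20 chars over 62 symbols = {bits:.1f} bits")
    # Assumed attacker rate of 10**12 guesses per second, for scale only.
    print(f"years to exhaust at 1e12/s: {years_to_exhaust(bits, 1e12):.2e}")
```
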


Oy, you people are not paying attention to each other.

I use the paid version of Lastpass and am very committed to it.

My workplace is even more committed. We have the enterprise version.

I highly recommend it.

My master password is the lyrics to a song. Can you guess which song? Of course not. I misspell it in a way I can somehow remember. I don't know how I remember it, but I do. Since it is English, it's easy to type, even though it's 53 characters long.


And I thought my 19 character master Pw was long.


